rix101/machines/nixos/x86_64-linux/jeeves/wireguard.nix
reo101 4afa641a4d
feat(limonka)!: jellyfin and transmission config
Add config for the `jellyfin` service
Add config for the `transmission` service
Fix networking issue (DNS died after some time)
Rename `jeeves_password` secret
Fix deprecated `passwordFile` -> `hashedPasswordFile`
2023-11-17 16:03:25 +02:00

76 lines
1.8 KiB
Nix

{ lib, pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
wireguard-tools
];
# NOTE: key generation
# umask 077
# wg genkey > private
# wg pubkey < private > public
# Server
age.secrets."wireguard/server.private" = {
file = ../../../../secrets/home/wireguard/server.private.age;
mode = "077";
};
age.secrets."wireguard/server.public" = {
file = ../../../../secrets/home/wireguard/server.public.age;
};
networking.firewall.allowedUDPPorts = [51820];
systemd.network = {
netdevs = {
"50-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."wireguard/server.private".path;
ListenPort = 51820;
};
wireguardPeers = [
{
# cheetah
wireguardPeerConfig = {
PublicKey = "CFTGvBcly791ClwyS6PzTjmqztvYJW2eklR7it/QhxI=";
AllowedIPs = [
"0.0.0.0/0"
# "::/0"
];
};
}
{
# limonka
wireguardPeerConfig = {
PublicKey = "+x4cKc16KxhW/M3wv64FU1J0AkiLyXT5Oar6I1n1xk4=";
AllowedIPs = [
"0.0.0.0/0"
# "192.168.1.0/24"
];
};
}
{
# s42
wireguardPeerConfig = {
PublicKey = "pZF6M8TZ1FSBtTwFz4xzlMqwqRScEqgBfqHBk7ddixc=";
AllowedIPs = [
"0.0.0.0/0"
];
};
}
];
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = ["10.100.0.1/24"];
networkConfig = {
IPMasquerade = "ipv4";
IPForward = true;
};
};
};
}